This release includes 3 security fixes relevant to security teams reviewing exposed deployments.
Summary
AI summary: Security patches for CVE-2026-42557, CVE-2026-42266, and CVE-2026-40171.
Full changelog
4.5.7
Security patches
The details of advisories are under embargo until JupyterLab and Notebook releases land on supported distribution channels.
- CVE-2026-42557 https://github.com/jupyterlab/jupyterlab/security/advisories/GHSA-mqcg-5x36-vfcg
- CVE-2026-42266 https://github.com/jupyterlab/jupyterlab/security/advisories/GHSA-37w4-hwhx-4rc4
- CVE-2026-40171 https://github.com/jupyter/notebook/security/advisories/GHSA-rch3-82jr-f9w9
Bugs fixed
- Video and Audio Content Providers: Fix JupyterLite support #18652 (@martinRenou)
- Fix notebook hang when dropping cells #18808 (@MUFFANUJ)
- Fix Contextual Help keyboard shortcut reliability and menu Help functionality #18747 (@itsmejay80)
- Fix focusing input element when opening a dialog from Command Palette #18735 (@Carreau)
- Fix native context menu blocked even when context menu is suppressed #18753 (@utsav-develops)
- Fix flaky toolbar item placement in popup #18618 (@filipeoliveira05)
- Update terminal default font family to honor macOS system-wide ui-monospace #18647 (@flaviomartins)
Maintenance and upkeep improvements
- Fix linting issue #18819 (@krassowski)
- Fix syntax for Python 3.9 on 4.5.x branch #18817 (@krassowski)
- Remove unused CodeMirror v5 CSS rule #18785 (@Carreau)
- Remove unused CSS rule forgotten after CodeMirror migration #18763 (@Carreau)
- Remove unused progress bar CSS rule in execution indicator #18759 (@Carreau)
- Remove dead .jp-VariableRenderer-TrustButton CSS rule #18762 (@Carreau)
- Remove used .jp-Cell-Placeholder CSS rules #18761 (@Carreau)
Documentation improvements
- Fix name of option for extension manager implementation in docs #18788 (@krassowski)
- Remove 4.5.0 announcement from docs #18740 (@krassowski)
Contributors to this release
The following people contributed discussions, new ideas, code and documentation contributions, and review.
See our definition of contributors.
(GitHub contributors page for this release)
@Carreau (activity) | @filipeoliveira05 (activity) | @flaviomartins (activity) | @itsmejay80 (activity) | @jtpio (activity) | @krassowski (activity) | @martinRenou (activity) | @MUFFANUJ (activity) | @utsav-develops (activity)